<?php
//WinMyDNS数据库链接参数,请在这里手工修改
###############################################################################################
$WinMyDNSDbType="0";			                #数据为类型,0:Access,1:mssql数据库
$WInMyDNSAccessFile="../DB/WinMyDNS.MDB";	    #Access数据库文件名
$WinMyDNSDbIP = "127.0.0.1";		            #WINIIS_Server 数据库IP地址
$WinMyDNSDbName="WinMyDNS";				        #WINIIS_Server 数据库名
$WinMyDNSDbUser="sa";					        #WINIIS_Server 数据库用户名
$WinMyDNSDbPass="linyang";			            #WINIIS_Server 数据库密码
###############################################################################################

#WinMyDNS管理员用户名及密码,请在这里手工修改
###############################################################################################
$WinMyDNSAdminUser = "admin";		#WinMyDNS管理员登录名
$WinMyDNSAdminPass="123456";		#WinMyDNS管理员登录密码
###############################################################################################


#如果需要把mail.打头的域名隐性转发到winwebmail邮件服务器,请把下面的一行打开.
#call redirect_mail("main.winwebmail.com")

PageCount = "100"

Set conn = Server.CreateObject("ADODB.Connection")

if WinMyDNSDbType ="1" then
connstr="Provider=SQLOLEDB.1; Persist Security Info=True; Data Source="&WinMyDNSDbIP&"; Initial Catalog="&WinMyDNSDbName&"; User ID="&WinMyDNSDbUser&"; Password="&WinMyDNSDbPass
else
connstr="DBQ="+Server.Mappath(WInMyDNSAccessFile)+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
end if

conn.Open connstr



SQL_injdata = "'|exec |insert |select |update |delete |set |xp_cmdshell |exec master|xp_dirtree |exec master |char |net localgroup administrators | and |net user | or |mid( |asc( |truncate "
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(lcase(Request.QueryString(SQL_Get)),Sql_Inj(Sql_DATA))>0  Then
response.write "输入非法"
Response.end
end if
next
Next
End If
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(lcase(Request.Form(Sql_Post)),Sql_Inj(Sql_DATA))>0 Then
response.write "输入非法"
Response.end
end if
next
next
end if

ret = GetNetID()

'先判断是否有URL设置,如果该地址设置了URL转发,则直接转发到相关的地址.
call URLFun() %>

<%
'如果有URL转发设置的.直接转发到相关的地址
sub URLFun()
'先得到用户浏览器请求的网址
Server_Name = Request.ServerVariables("SERVER_NAME")
Server_Name = replace(Server_Name," ","")
Server_Name = replace(Server_Name,"'","")
Server_Name = replace(Server_Name,"&","")

set rsurl = conn.execute ("SELECT * FROM url WHERE domain='"&Server_Name&".' or  domain='"&Server_Name&"'  ")
if rsurl.eof  then
response.write "对不起，该网页不存在"
rsurl.close
set rsurl = nothing
exit sub
else
netid = GetNetID()
'在页面中进行跳转
do while not rsurl.eof
if cint(rsurl("netid"))=netid  then
URL_1 = rsurl("url")
flag_1 = rsurl("urltype")
elseif cint(rsurl("netid"))=0  then
URL_2 = rsurl("url")
flag_2 = rsurl("urltype")
else
URL_3 = rsurl("url")
flag_4 = rsurl("urltype")
end if
rsurl.movenext
loop
URL = URL_1
flag = flag_1

if URL="" then
URL = URL_2
flag = flag_2
end if

if URL="" then
URL = URL_3
flag = flag_3
end if

if left(lcase(URL),7)<>"http://" and left(lcase(URL),8)<>"https://" then
URL = "http://" & URL
end if

if flag <> "1" then
%>
<meta http-equiv="refresh" content="0;url=<%=URL%>">
<%
else%>
<html>
<head>
    <meta http-equiv='Content-Language' content='zh-cn'>
    <meta http-equiv='Content-Type' content='text/html; charset=gb2312'>
    <title><%=Server_Name%></title>
</head>
<frameset rows='*'><frameset cols='*' frameborder='NO' border='0' framespacing='0' rows='*'><frame name='contents' target='main' src='<%=URL%>' noresize scrolling='YES' frameborder='NO'><noframes><body bgcolor='#FFFFFF' text='#000000'>您的浏览器不支持框架！</body></noframes></frameset></html>
<%
end if
End If
'销毁对象
Set rs=Nothing
conn.close
Set conn=Nothing
response.end
end sub


Function GetNetID()
GetNetID = 0
ieip =  Request.ServerVariables("REMOTE_ADDR")
if ieip="" then exit function

call GetIPTable()

ieipA = split(ieip,".")
ieiplng = clng(ieipA(0))*255*255*255+clng(ieipA(1))*255*255+clng(ieipA(2))*255+clng(ieipA(3))

ipStartTable = application("ipStartTable")
ipendTable = application("ipendTable")
netidtable = application("netidtable")
for i=0 to application("ipnum")
if ieiplng >=ipStartTable(i) and ieiplng <=ipendTable(i) then
GetNetID = netidtable(i)
exit for
end if
next

end function

sub GetIPTable()
Dim ipStartTable(1000)	'IP表开始
Dim ipendTable(1000)	'IP段结束
Dim netidtable(1000)	'网络组

if application("ipload") = "" then
set rsip=conn.execute("select * from iptable ")
int j = 0
do while not rsip.eof
ipA = split(rsip("ip"),".")
ipstart = clng(ipA(0))*255*255*255+clng(ipA(1))*255*255+clng(ipA(2))*255+clng(ipA(3))
mask = cint(rsip("mask"))
inetnum=1
for i=0 to (32-mask-1)
inetnum = inetnum * 2
next
ipend = ipstart+inetnum-1

ipStartTable(j) = ipstart
ipendTable(j) = ipend
netidtable(j) = rsip("netid")

j = j +1
rsip.movenext
loop
rsip.close

application("ipload") = "load"
application("ipStartTable") = ipStartTable
application("ipendTable") = ipendTable
application("netidtable") = netidtable
application("ipnum") = j
end if
end sub

%>

<%Function redirect_mail(mailurl)
Server_Name = lcase(Request.ServerVariables("SERVER_NAME"))
if left(Server_Name,5)<>"mail." then exit function
mailurl=lcase(mailurl("url"))
mailurl=replace(mailurl,"http://","")
%>
<html>
<head>
    <meta http-equiv='Content-Language' content='zh-cn'>
    <meta http-equiv='Content-Type' content='text/html; charset=gb2312'>
    <title>邮局管理系统</title>
</head>
<frameset rows='*'><frameset cols='*' frameborder='NO' border='0' framespacing='0' rows='*'><frame name='contents' target='main' src='http://<%=mailurl%>' noresize scrolling='YES' frameborder='NO'><noframes><body bgcolor='#FFFFFF' text='#000000'>您的浏览器不支持框架！</body></noframes></frameset></html>
<%
response.end
end function
%>